
Rotating behind Privacy: An Improved Lightweight Authentication Scheme for Cloud-based IoT Environment

Published: 09 June 2021

Abstract

Advances in the Internet of Things (IoT) require specialized security protocols that provide unbreakable security along with computation and communication efficiency. Moreover, user privacy and anonymity have emerged as integral requirements alongside the other security requirements. Unfortunately, many recent authentication schemes for securing IoT-based systems have either been proved vulnerable to different attacks or suffer from inefficiencies. Some of these schemes have a faulty design that arose mainly from undue emphasis on privacy and anonymity alongside performance efficiency. This article aims to show these design faults by analyzing a very recent hash-function-based authentication scheme for cloud-based IoT systems, whose privacy-versus-efficiency tradeoff is misunderstood owing to a plain design flaw that is also present in many other such schemes. Precisely, this article proves that the scheme of Wazid et al. cannot provide mutual authentication and key agreement between a user and a sensor node when more than one registered user exists. We then propose an improved scheme and prove its security through formal and informal methods. The proposed scheme completes the authentication cycle with a minor increase in computation cost but provides all security goals along with privacy.

References

[1]
M. Abdalla, P. Fouque, and D. Pointcheval. 2005. Password-based authenticated key exchange in the three-party setting. In Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05), Lecture Notes in Computer Science, 65–84.
[2]
Shubhani Aggarwal and Neeraj Kumar. 2020. Path planning techniques for unmanned aerial vehicles: A review, solutions, and challenges. Comput. Commun. 149 (2020), 270–299.
[3]
Z. Ali, S. A. Chaudhry, M. S. Ramzan, and F. Al-Turjman. 2020. Securing smart city surveillance: a lightweight authentication mechanism for unmanned vehicles. IEEE Access 8 (2020), 43711–43724.
[4]
Bander A. Alzahrani, Shehzad Ashraf Chaudhry, Ahmed Barnawi, Abdullah Al-Barakati, and Mohammed H. Alsharif. 2020. A privacy preserving authentication scheme for roaming in IoT-Based wireless mobile networks. Symmetry 12, 2 (2020), 287.
[5]
M. N. Aman, M. H. Basheer, S. Dash, J. W. Wong, J. Xu, H. W. Lim, and B. Sikdar. 2020. HAtt: hybrid remote attestation for the internet of things with high availability. IEEE IoT J. 7, 8 (2020), 7220–7233.
[6]
R. Amin, S. H. Islam, G. Biswas, M. K. Khan, L. Leng, and N. Kumar. 2016. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 101 (2016), 42–62.
[7]
R. Amin, N. Kumar, G. P. Biswas, R. Iqbal, and V. Chang. 2018. A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment. Fut. Gener. Comput. Syst. 78 (2018), 1005–1019.
[8]
S. Banerjee, V. Odelu, A. K. Das, J. Srinivas, N. Kumar, S. Chattopadhyay, and K. K. R. Choo. 2019. A provably secure and lightweight anonymous user authenticated session key exchange scheme for internet of things deployment. IEEE IoT J. 6, 5 (2019), 8739–8752.
[9]
Rajanpreet Kaur Chahal, Neeraj Kumar, and Shalini Batra. 2020. Trust management in social Internet of Things: A taxonomy, open issues, and challenges. Comput. Commun. 150 (2020), 13–46.
[10]
Sravani Challa, Ashok Kumar Das, Prosanta Gope, Neeraj Kumar, Fan Wu, and Athanasios V. Vasilakos. 2020. Design and Analysis of Authenticated Key Agreement Scheme in Cloud-assisted Cyber–physical Systems. Future Generation Computer Systems 108 (2020), 1267–1286.
[11]
S. Challa, M. Wazid, A. K. Das, N. Kumar, A. Goutham Reddy, E. Yoon, and K. Yoo. 2017. Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5 (2017), 3028–3043.
[12]
C. C. Chang and H. D. Le. 2016. A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans. Wireless Commun. 15, 1 (2016), 357–366.
[13]
Rajat Chaudhary, Gagangeet Singh Aujla, Neeraj Kumar, and Sherali Zeadally. 2019. Lattice-based public key cryptosystem for internet of things environment: Challenges and solutions. IEEE IoT J. 6, 3 (2019), 4897–4909.
[14]
S. A. Chaudhry, H. Alhakami, A. Baz, and F. Al-Turjman. 2020. Securing demand response management: A certificate-based access control in smart grid edge computing infrastructure. IEEE Access 8 (2020), 101235–101243.
[15]
Shehzad Ashraf Chaudhry, Taeshik Shon, Fadi Al-Turjman, and Mohammed H. Alsharif. 2020. Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Comput. Commun. 153 (2020), 527–537. https://doi.org/10.1016/j.comcom.2020.02.025
[16]
Ashok Kumar Das, Mohammad Wazid, Neeraj Kumar, Athanasios V. Vasilakos, and Joel J. P. C. Rodrigues. 2018. Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment. IEEE IoT J. 5, 6 (2018), 4900–4913.
[17]
M. L. Das. 2009. Two-factor user authentication in wireless sensor networks. IEEE Trans. Wireless Commun. 8, 3 (2009), 1086–1090.
[18]
D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Trans. Inf. Theory 29, 2 (1983), 198–208.
[19]
M. S. Farash, M. Turkanovic, S. Kumari, and M. Holbl. 2016. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw. 36 (2016), 152.
[20]
Anwar Ghani, Khwaja Mansoor, Shahid Mehmood, Shehzad Ashraf Chaudhry, Arif Ur Rahman, and Malik Najmus Saqib. 2019. Security and Key Management in IoT based wireless sensor networks: an authentication protocol using symmetric key. Int. J. Commun. Syst. 32 (2019), 16.
[21]
Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2019. Tactile internet and its applications in 5G era: A comprehensive review. Int. J. Commun. Syst. 32 (2019), 14.
[22]
Rajesh Gupta, Sudeep Tanwar, Sudhanshu Tyagi, and Neeraj Kumar. 2020. Machine learning models for secure data analytics: a taxonomy and threat model. Comput. Commun. 153 (2020), 406–440.
[23]
Mahmood Ul Hassan, Shehzad Ashraf Chaudhry, and Azeem Irshad. 2020. An improved SIP authenticated key agreement based on Dongqing et al. Wireless Pers. Commun. 110, 4 (2020), 2087–2107.
[24]
W. B. Hsieh and J. S. Leu. 2014. A robust user authentication scheme using dynamic identity in wireless sensor networks. Wireless Pers. Commun. 77, 2 (2014), 979–989.
[25]
Sajid Hussain and Shehzad Ashraf Chaudhry. 2019. Comments on “Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment.” IEEE IoT J. 6, 6 (2019), 10936–10940.
[26]
A. Irshad, S. A. Chaudhry, O. A. Alomari, K. Yahya, and N. Kumar. 2020. A novel pairing-free lightweight authentication protocol for mobile cloud computing framework. IEEE Syst. J. (2020), 1–9.
[27]
A. Irshad, M. Usman, S. A. Chaudhry, H. Naqvi, and M. Shafiq. 2020. A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework. IEEE Trans. Industr. Appl. 56, 4 (2020), 4425–4435.
[28]
U. Javaid, M. N. Aman, and B. Sikdar. 2020. A scalable protocol for driving trust management in internet of vehicles with blockchain. IEEE IoT J. 7, 12 (2020), 11815–11829.
[29]
Q. Jiang, S. Zeadally, J. Ma, and D. He. 2017. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5 (2017), 3376–3392.
[30]
N. Khalil, M. R. Abid, D. Benhaddou, and M. Gerndt. 2014. Wireless sensors networks for internet of things. In Proceedings of the International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP’14), 1–6.
[31]
M. K. Khan and K. Alghathbar. 2010. Cryptanalysis and security improvements of a two-factor user authentication in wireless sensor networks. Sensors 10, 3 (2010), 2450–2459.
[32]
H. H. Kilinc and T. Yanik. 2014. A survey of SIP authentication and key agreement schemes. IEEE Commun. Surv. Tutor. 16, 2 (2014), 1005–1023.
[33]
Zhihan Lv and Neeraj Kumar. 2020. Software defined solutions for sensors in 6G/IoE, computer communications. Comput. Commun. 153 (2020), 42–47.
[34]
Khalid Mahmood, Jehangir Arshad, Shehzad Ashraf Chaudhry, and Saru Kumari. 2019. An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. Int. J. Commun. Syst. 32 (2019), 16.
[35]
Khalid Mahmood, Xiong Li, Shehzad Ashraf Chaudhry, Husnain Naqvi, Saru Kumari, Arun Kumar Sangaiah, and Joel J. P. C. Rodrigues. 2018. Pairing based anonymous and secure key agreement protocol for smart grid edge computing infrastructure. Fut. Gener. Comput. Syst. 88 (2018), 491–500.
[36]
Khwaja Mansoor, Anwar Ghani, Shehzad Ashraf Chaudhry, and Shahaboddin Shamshirband. 2019. Securing iot based rfid systems: A robust authentication protocol using symmetric cryptography. Sensors 19 (2019), 21.
[37]
T. S. Messerges, E. A. Dabbish, and R. H. Sloan. 2002. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 5 (2002), 541–552.
[38]
Arzoo Miglani and Neeraj Kumar. 2019. Deep learning models for traffic flow prediction in autonomous vehicles: A review, solutions, and challenges. Vehic. Commun. 20 (2019).
[39]
J. Ni, K. Zhang, X. Lin, and X. S. Shen. 2018. Securing fog computing for internet of things applications: challenges and solutions. IEEE Commun. Surv. Tutor. 20, 1 (2018), 601–628.
[40]
Divya Prerna, Rajkumar Tekchandani, and Neeraj Kumar. 2020. Device-to-device content caching techniques in 5G: A taxonomy, solutions, and challenges. Comput. Commun. 153 (2020), 48–84.
[41]
Sandeep Saharan, Seema Bawa, and Neeraj Kumar. 2020. Dynamic pricing techniques for intelligent transportation system in smart cities: a systematic review. Comput. Commun. 150 (2020), 603–625.
[42]
W. Shi and P. Gong. 2013. A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Int. J. Distrib. Sens. Netw. 2013 (2013).
[43]
Deepika Sirohi, Neeraj Kumar, and Prashant Singh Rana. 2020. Convolutional neural networks for 5G-enabled intelligent transportation system: A systematic review. Comput. Commun. 153 (2020), 459–498.
[44]
Jangirala Srinivas, Ashok Kumar Das, Neeraj Kumar, and Joel J. P. C. Rodrigues. 2019. TCALAS: temporal credential-based anonymous lightweight authentication scheme for internet of drones environment. IEEE Trans. Vehic. Technol. 68, 7 (2019), 6903–6916.
[45]
J. Srinivas, S. Mukhopadhyay, and D. Mishra. 2017. Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Netw. 54 (2017), 147–169.
[46]
M. Turkanovic, B. Brumen, and M. Holbl. 2014. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks. Ad Hoc Netw. 20 (2014), 96–112.
[47]
B. Vaidya, D. Makrakis, and H. T. Mouftah. 2010. Improved two-factor user authentication in wireless sensor networks. In Proceedings of the 2nd International Workshop on Network Assurance and Security Services in Ubiquitous Environments, 600–606.
[48]
M. Wazid, A. K. Das, V. Bhat, and A. V. Vasilakos. 2020. LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J. Netw. Comput. Appl. 150, 10249 (2020), 6.
[49]
M. Wolf and D. Serpanos. 2018. Safety and security in cyber-physical systems and internet-of-things systems. In Proc. IEEE 106, 1 (2018).
[50]
F. Wu, L. Xu, S. Kumari, and X. Li. 2017. A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J. Ambient Intell. Human. Comput. 8, 1 (2017), 101–116.
[51]
H. L. Yeh, T. H. Chen, P. C. Liu, T. H. Kim, and H. W. Wei. 2011. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11, 5 (2011), 4767–4779.

      Published In

      ACM Transactions on Internet Technology  Volume 21, Issue 3
      August 2021
      522 pages
      ISSN:1533-5399
      EISSN:1557-6051
      DOI:10.1145/3468071
      Editor: Ling Liu

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 09 June 2021
      Accepted: 01 September 2020
      Revised: 01 August 2020
      Received: 01 June 2020
      Published in TOIT Volume 21, Issue 3

      Author Tags

      1. Security
      2. key-agreement
      3. cloud security
      4. IoT
      5. incorrectness
      6. traceability
      7. anonymity

      Qualifiers

      • Research-article
      • Refereed

      Cited By

      • (2025) Lightweight 0-RTT Session Resumption Protocol for Constrained Devices. IEEE Transactions on Information Forensics and Security 20 (221-233). DOI: 10.1109/TIFS.2024.3497796. Online publication date: 1-Jan-2025
      • (2025) FA-SMW: Fog-Driven Anonymous Lightweight Access Control for Smart Medical Wearables. IEEE Internet of Things Journal 12:4 (4275-4285). DOI: 10.1109/JIOT.2024.3484945. Online publication date: 15-Feb-2025
      • (2024) Robust Multi-Factor Authentication for WSNs With Dynamic Password Recovery. IEEE Transactions on Information Forensics and Security 19 (8398-8413). DOI: 10.1109/TIFS.2024.3451364. Online publication date: 1-Jan-2024
      • (2024) A Security-Enhanced and Ultralightweight Communication Protocol for Internet of Medical Things. IEEE Internet of Things Journal 11:6 (10168-10182). DOI: 10.1109/JIOT.2023.3327322. Online publication date: 15-Mar-2024
      • (2024) LEAF-IIoT: Lightweight and Efficient Authentication Framework for the Industrial Internet of Things. IEEE Access (1-1). DOI: 10.1109/ACCESS.2024.3357090. Online publication date: 2024
      • (2024) Fog-assisted de-duplicated data exchange in distributed edge computing networks. Scientific Reports 14:1. DOI: 10.1038/s41598-024-71682-y. Online publication date: 4-Sep-2024
      • (2024) Analyzing anonymous activities using Interrupt-aware Anonymous User-System Detection Method (IAU-S-DM) in IoT. Scientific Reports 14:1. DOI: 10.1038/s41598-024-67956-0. Online publication date: 5-Aug-2024
      • (2024) Lightweight privacy-preserving authentication mechanism in 5G-enabled industrial cyber physical systems. Information Sciences: an International Journal 666:C. DOI: 10.1016/j.ins.2024.120391. Online publication date: 1-May-2024
      • (2024) Lightweight and privacy-preserving device-to-device authentication to enable secure transitive communication in IoT-based smart healthcare systems. Journal of Ambient Intelligence and Humanized Computing 15:9 (3331-3345). DOI: 10.1007/s12652-024-04810-1. Online publication date: 21-Jun-2024
      • (2024) A sustainable mutual authentication protocol for IoT-Fog-Cloud environment. Peer-to-Peer Networking and Applications 18:1. DOI: 10.1007/s12083-024-01843-3. Online publication date: 7-Dec-2024
